IETF Logo Mail Archive

Re: [openpgp] Followup on fingerprints

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 04 August 2015 03:32 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE11A1B33DF for <openpgp@ietfa.amsl.com>; Mon, 3 Aug 2015 20:32:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBYqoEmEhCFx for <openpgp@ietfa.amsl.com>; Mon, 3 Aug 2015 20:32:17 -0700 (PDT)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9A261B33BE for <openpgp@ietf.org>; Mon, 3 Aug 2015 20:32:16 -0700 (PDT)
Received: by lbqc9 with SMTP id c9so62456696lbq.1 for <openpgp@ietf.org>; Mon, 03 Aug 2015 20:32:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=65hnQ6aHym1sQJjg5Yccv7TEZJkEnLqsBjqIHz0ncKo=; b=0YTxXyXowxEIIfcOM+xvCuM4gqXI5ayceaeTAMGPl1Zpg2CV7ieeSHWCKkcFL0YvYd 5m/FueMRnmyWCltdoiZGChkPiN0o2lZn6U/xf8LvzS3ZWcNvvD2FSdGenpixK98vjKZC d2wQ+bO2kcjR2vW+wHyZ3TWi6NbIYYMwHTo/ebU1ep5Ppfar/CA80JHI4/NaSpg1W0qH Hvxkdhg92UoYoOmAEUQGPgc/NLHzHEIMVsmACROgNLd2BCAgELpRkfXR7Bulf/xrodMO dG5h1tFAOHc/YkqJkSM0Mf9tqo8c0/lfqYHNYZ4jE+EncXIKaMbmi/MRVzeVgOrGSmT8 b/eQ==
MIME-Version: 1.0
X-Received: by 10.152.21.71 with SMTP id t7mr1110391lae.118.1438659135386; Mon, 03 Aug 2015 20:32:15 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.203.163 with HTTP; Mon, 3 Aug 2015 20:32:15 -0700 (PDT)
In-Reply-To: <87h9of7p0e.fsf@littlepip.fritz.box>
References: <87twsn2wcz.fsf@vigenere.g10code.de> <CAMm+LwgRJX-SvydmpUAJMmN3yysi4zzGSpO2yY4JAMhD-9xLgQ@mail.gmail.com> <87zj2ecmv8.fsf@alice.fifthhorseman.net> <CAMm+LwgKmcTes=V7uS3MjCQixWCo-i7PY=VE7eCHSqt3Ho3OSg@mail.gmail.com> <87a8udd4u6.fsf@alice.fifthhorseman.net> <sjm61503182.fsf@securerf.ihtfp.org> <CAMm+LwgEVySpfL-iN2uzX-4tu7R+isDkHE9D8uAeLTxxd4VxqQ@mail.gmail.com> <sjmwpxc1kbv.fsf@securerf.ihtfp.org> <CAAS2fgR6LYck+km5Ze6S9z65ZgsR61d8md2CqojDaceZ0OrZrw@mail.gmail.com> <9c2c8c5df67c83925d7e3c21fe943483.squirrel@mail2.ihtfp.org> <20150803173231.GG3067@straylight.m.ringlet.net> <2439a89a6c4eb70044e144406a732482.squirrel@mail2.ihtfp.org> <87io8v7uqt.fsf@littlepip.fritz.box> <87h9of7p0e.fsf@littlepip.fritz.box>
Date: Mon, 03 Aug 2015 23:32:15 -0400
X-Google-Sender-Auth: PqqU6h0RzBBaRuXD92RQ-PCe5z4
Message-ID: <CAMm+LwgTnommNMK63vhd4H+LHdGSnvhkgow2-QSMbcYEfUTUEg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Vincent Breitmoser <look@my.amazin.horse>
Content-Type: multipart/alternative; boundary="089e013d1fe4b7bcbd051c73ee63"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/KgD5vqykrDwuoFmTDbRW3XJGfGU>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Followup on fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2015 03:32:18 -0000

On Mon, Aug 3, 2015 at 10:42 PM, Vincent Breitmoser <look@my.amazin.horse>
wrote:

>
> > Maybe I missed an answer to this, but could someone please explain
> > what the point of finding a collision on a pgp fingerprint is, and
> > why we need to consider it as an attack scenario in the first plce?
>
> I could have been more clear here: I saw the previous answer, but the
> discussion went into the direction of collision feasibility without
> really answering dkg's doubts about whether this was even a reasonable
> scenario, and I'm not convinced it is.
>
> > Mallet joins an open source project which only takes the first 100
> > bits for the fingerprint. He uploads the key for M1 to a keyserver.
> >
> > He then commits a large number of malicious patches using M2 for
> > authentication. These are all authenticated against his public key M2
> > when he does the commit but the repository uses the key sent in band
> > and does not keep the key for later verification.
>
> So the premise here is:
> - a user uploads his key, but it is not actually used other than for its
>   fingerprint
> - at authentication time, a public key sent by the user is used to check
>   signatures, which is only checked to have the same fingerprint as the
>   uploaded one
> - the implementation uses truncated fingerprints for this
>
> > At this point, any attempt to hold Mallet accountable is going to have
> > to rely on a human examining the logs and working out that Mallet must
> > have generated the malicious pair of keys. There is going to be no way
> > to unwind the thing automatically.
>
> And the actual attack is "slightly weaker non-repudiation"?
>

The attack is to confuse someone's perl hack into letting someone get away
with something they should not.

v2.23.0 | Report a Bug | By Email